# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Maintainer: Patrycja Rosa <alpine@ptrcnull.me>
pkgname=firefox-esr
pkgver=128.4.0
# Date of release, YY-MM-DD for metainfo file (see package())
# https://www.mozilla.org/firefox/organizations/notes/
_releasedate=2024-10-29
pkgrel=0
pkgdesc="Firefox web browser - Extended Support Release"
url="https://www.mozilla.org/en-US/firefox/organizations/"
# s390x: blocked by lld
# armhf: mismatched NEON flags; no `vmulq_f32` in `core_arch::arch::arm`
arch="all !s390x !armhf"
license="GPL-3.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND MPL-2.0"
install="$pkgname.post-upgrade"
depends="
	ffmpeg-libavcodec
	"
_llvmver=19
makedepends="
	alsa-lib-dev
	automake
	bsd-compat-headers
	cargo
	cbindgen
	clang$_llvmver
	clang$_llvmver-libclang
	compiler-rt
	dbus-dev
	gettext
	gtk+3.0-dev
	hunspell-dev
	icu-dev
	libevent-dev
	libffi-dev
	libjpeg-turbo-dev
	libnotify-dev
	libogg-dev
	libtheora-dev
	libtool
	libvorbis-dev
	libvpx-dev
	libwebp-dev
	libxcomposite-dev
	libxt-dev
	lld
	llvm$_llvmver-dev
	m4
	mesa-dev
	nasm
	nodejs
	nspr-dev
	nss-dev
	pipewire-dev
	pulseaudio-dev
	python3
	sed
	wasi-sdk
	wireless-tools-dev
	zip
	"
subpackages="$pkgname-intl"
source="https://ftp.mozilla.org/pub/firefox/releases/${pkgver}esr/source/firefox-${pkgver}esr.source.tar.xz
	esr-metainfo.patch
	fix-fortify-system-wrappers.patch
	fix-rust-target.patch
	fix-webrtc-glibcisms.patch
	force-can-use-pack-relative-relocs.patch
	icu74.patch
	lfs64.patch
	loong0001-Enable-WebRTC-for-loongarch64.patch
	loong0002-Rust-libc-add-support-for-loongarch64-musl.patch
	loong0003-Define-HWCAP_LOONGARCH_LSX_and_LASX.patch
	loong0004-Fix-ycbcr-chromium_types-warning.patch
	loong0005-Fix-libyuv-build-with-LSX-LASX.patch
	no-ccache-stats.patch
	nrappkit-qsort.patch
	ppc-musttail.patch
	riscv64-no-lto.patch
	rust-lto-thin.patch
	sandbox-fork.patch
	sandbox-sched_setscheduler.patch
	sqlite-ppc.patch

	stab.h

	firefox.desktop
	distribution.ini
	mozilla-location.keys
	vendor-prefs.js
	"
options="!check"

builddir="$srcdir/firefox-$pkgver"
_mozappdir=/usr/lib/firefox-esr

# help our shared-object scanner to find the libs
ldpath="$_mozappdir"
sonameprefix="$pkgname:"

# secfixes:
#   115.6.0-r0:
#     - CVE-2023-6856
#     - CVE-2023-6865
#     - CVE-2023-6857
#     - CVE-2023-6858
#     - CVE-2023-6859
#     - CVE-2023-6860
#     - CVE-2023-6867
#     - CVE-2023-6861
#     - CVE-2023-6862
#     - CVE-2023-6863
#     - CVE-2023-6864
#   115.5.0-r0:
#     - CVE-2023-6204
#     - CVE-2023-6205
#     - CVE-2023-6206
#     - CVE-2023-6207
#     - CVE-2023-6208
#     - CVE-2023-6209
#     - CVE-2023-6212
#   115.4.0-r0:
#     - CVE-2023-5721
#     - CVE-2023-5732
#     - CVE-2023-5724
#     - CVE-2023-5725
#     - CVE-2023-5726
#     - CVE-2023-5727
#     - CVE-2023-5728
#     - CVE-2023-5730
#   115.3.1-r0:
#     - CVE-2023-5217
#   115.3.0-r0:
#     - CVE-2023-5168
#     - CVE-2023-5169
#     - CVE-2023-5171
#     - CVE-2023-5174
#     - CVE-2023-5176
#   115.2.1-r0:
#     - CVE-2023-4863
#   115.2.0-r0:
#     - CVE-2023-4573
#     - CVE-2023-4574
#     - CVE-2023-4575
#     - CVE-2023-4576
#     - CVE-2023-4577
#     - CVE-2023-4051
#     - CVE-2023-4578
#     - CVE-2023-4053
#     - CVE-2023-4580
#     - CVE-2023-4581
#     - CVE-2023-4582
#     - CVE-2023-4583
#     - CVE-2023-4584
#     - CVE-2023-4585
#   115.1.0-r0:
#     - CVE-2023-4045
#     - CVE-2023-4046
#     - CVE-2023-4047
#     - CVE-2023-4048
#     - CVE-2023-4049
#     - CVE-2023-4050
#     - CVE-2023-4052
#     - CVE-2023-4054
#     - CVE-2023-4055
#     - CVE-2023-4056
#     - CVE-2023-4057
#   115.0.2-r0:
#     - CVE-2023-3600
#   115.0-r0:
#     - CVE-2023-3482
#     - CVE-2023-37201
#     - CVE-2023-37202
#     - CVE-2023-37203
#     - CVE-2023-37204
#     - CVE-2023-37205
#     - CVE-2023-37206
#     - CVE-2023-37207
#     - CVE-2023-37208
#     - CVE-2023-37209
#     - CVE-2023-37210
#     - CVE-2023-37211
#     - CVE-2023-37212
#   102.12.0-r0:
#     - CVE-2023-34414
#     - CVE-2023-34416
#   102.11.0-r0:
#     - CVE-2023-32205
#     - CVE-2023-32206
#     - CVE-2023-32207
#     - CVE-2023-32211
#     - CVE-2023-32212
#     - CVE-2023-32213
#     - CVE-2023-32214
#     - CVE-2023-32215
#   102.10.0-r0:
#     - CVE-2023-29531
#     - CVE-2023-29532
#     - CVE-2023-29533
#     - CVE-2023-1999
#     - CVE-2023-29535
#     - CVE-2023-29536
#     - CVE-2023-29539
#     - CVE-2023-29541
#     - CVE-2023-29542
#     - CVE-2023-29545
#     - CVE-2023-1945
#     - CVE-2023-29548
#     - CVE-2023-29550
#   102.9.0-r0:
#     - CVE-2023-25751
#     - CVE-2023-28164
#     - CVE-2023-28162
#     - CVE-2023-25752
#     - CVE-2023-28163
#     - CVE-2023-28176
#   102.8.0-r0:
#     - CVE-2023-25728
#     - CVE-2023-25730
#     - CVE-2023-0767
#     - CVE-2023-25735
#     - CVE-2023-25737
#     - CVE-2023-25738
#     - CVE-2023-25739
#     - CVE-2023-25729
#     - CVE-2023-25732
#     - CVE-2023-25734
#     - CVE-2023-25742
#     - CVE-2023-25744
#     - CVE-2023-25746
#   102.7.0-r0:
#     - CVE-2022-46871
#     - CVE-2023-23598
#     - CVE-2023-23599
#     - CVE-2023-23601
#     - CVE-2023-23602
#     - CVE-2022-46877
#     - CVE-2023-23603
#     - CVE-2023-23605
#   102.6.0-r0:
#     - CVE-2022-46880
#     - CVE-2022-46872
#     - CVE-2022-46881
#     - CVE-2022-46874
#     - CVE-2022-46875
#     - CVE-2022-46882
#     - CVE-2022-46878
#   102.5.0-r0:
#     - CVE-2022-45403
#     - CVE-2022-45404
#     - CVE-2022-45405
#     - CVE-2022-45406
#     - CVE-2022-45408
#     - CVE-2022-45409
#     - CVE-2022-45410
#     - CVE-2022-45411
#     - CVE-2022-45412
#     - CVE-2022-45416
#     - CVE-2022-45418
#     - CVE-2022-45420
#     - CVE-2022-45421
#   102.4.0-r0:
#     - CVE-2022-42927
#     - CVE-2022-42928
#     - CVE-2022-42929
#     - CVE-2022-42932
#   102.3.0-r0:
#     - CVE-2022-3266
#     - CVE-2022-40959
#     - CVE-2022-40960
#     - CVE-2022-40958
#     - CVE-2022-40956
#     - CVE-2022-40957
#     - CVE-2022-40962
#   102.2.0-r0:
#     - CVE-2022-38472
#     - CVE-2022-38473
#     - CVE-2022-38476
#     - CVE-2022-38477
#     - CVE-2022-38478
#   102.1.0-r0:
#     - CVE-2022-2505
#     - CVE-2022-36314
#     - CVE-2022-36318
#     - CVE-2022-36319
#   91.11.0-r0:
#     - CVE-2022-2200
#     - CVE-2022-31744
#     - CVE-2022-34468
#     - CVE-2022-34470
#     - CVE-2022-34472
#     - CVE-2022-34478
#     - CVE-2022-34479
#     - CVE-2022-34481
#     - CVE-2022-34484
#   91.10.0-r0:
#     - CVE-2022-31736
#     - CVE-2022-31737
#     - CVE-2022-31738
#     - CVE-2022-31739
#     - CVE-2022-31740
#     - CVE-2022-31741
#     - CVE-2022-31742
#     - CVE-2022-31747
#   91.9.1-r0:
#     - CVE-2022-1529
#     - CVE-2022-1802
#   91.9.0-r0:
#     - CVE-2022-29909
#     - CVE-2022-29911
#     - CVE-2022-29912
#     - CVE-2022-29914
#     - CVE-2022-29916
#     - CVE-2022-29917
#   91.8.0-r0:
#     - CVE-2022-1097
#     - CVE-2022-1196
#     - CVE-2022-24713
#     - CVE-2022-28281
#     - CVE-2022-28282
#     - CVE-2022-28285
#     - CVE-2022-28286
#     - CVE-2022-28289
#   91.7.0-r0:
#     - CVE-2022-26381
#     - CVE-2022-26383
#     - CVE-2022-26384
#     - CVE-2022-26386
#     - CVE-2022-26387
#   91.6.1-r0:
#     - CVE-2022-26485
#     - CVE-2022-26486
#   91.6.0-r0:
#     - CVE-2022-22754
#     - CVE-2022-22756
#     - CVE-2022-22759
#     - CVE-2022-22760
#     - CVE-2022-22761
#     - CVE-2022-22763
#     - CVE-2022-22764
#   91.5.0-r0:
#     - CVE-2021-4140
#     - CVE-2022-22737
#     - CVE-2022-22738
#     - CVE-2022-22739
#     - CVE-2022-22740
#     - CVE-2022-22741
#     - CVE-2022-22742
#     - CVE-2022-22743
#     - CVE-2022-22744
#     - CVE-2022-22745
#     - CVE-2022-22746
#     - CVE-2022-22747
#     - CVE-2022-22748
#     - CVE-2022-22751
#   91.4.0-r0:
#     - CVE-2021-43536
#     - CVE-2021-43537
#     - CVE-2021-43538
#     - CVE-2021-43539
#     - CVE-2021-43541
#     - CVE-2021-43542
#     - CVE-2021-43543
#     - CVE-2021-43545
#     - CVE-2021-43546
#   91.3.0-r0:
#     - CVE-2021-38503
#     - CVE-2021-38504
#     - CVE-2021-38505
#     - CVE-2021-38506
#     - CVE-2021-38507
#     - CVE-2021-38508
#     - CVE-2021-38509
#     - CVE-2021-38510
#   91.2.0-r0:
#     - CVE-2021-32810
#     - CVE-2021-38492
#     - CVE-2021-38493
#     - CVE-2021-38495
#     - CVE-2021-38496
#     - CVE-2021-38497
#     - CVE-2021-38498
#     - CVE-2021-38500
#     - CVE-2021-38501
#   78.13.0-r0:
#     - CVE-2021-29980
#     - CVE-2021-29984
#     - CVE-2021-29985
#     - CVE-2021-29986
#     - CVE-2021-29988
#     - CVE-2021-29989
#   78.12.0-r0:
#     - CVE-2021-29970
#     - CVE-2021-29976
#     - CVE-2021-30547
#   78.11.0-r0:
#     - CVE-2021-29967
#   78.10.0-r0:
#     - CVE-2021-23961
#     - CVE-2021-23994
#     - CVE-2021-23995
#     - CVE-2021-23998
#     - CVE-2021-23999
#     - CVE-2021-24002
#     - CVE-2021-29945
#     - CVE-2021-29946
#   78.9.0-r0:
#     - CVE-2021-23981
#     - CVE-2021-23982
#     - CVE-2021-23984
#     - CVE-2021-23987
#   78.8.0-r0:
#     - CVE-2021-23968
#     - CVE-2021-23969
#     - CVE-2021-23973
#     - CVE-2021-23978
#   78.7.0-r0:
#     - CVE-2020-26976
#     - CVE-2021-23953
#     - CVE-2021-23954
#     - CVE-2021-23960
#     - CVE-2021-23964
#   78.6.1-r0:
#     - CVE-2020-16044
#   78.6.0-r0:
#     - CVE-2020-16042
#     - CVE-2020-26971
#     - CVE-2020-26973
#     - CVE-2020-26974
#     - CVE-2020-26978
#     - CVE-2020-35111
#     - CVE-2020-35112
#     - CVE-2020-35113
#   78.5.0-r0:
#     - CVE-2020-15683
#     - CVE-2020-15969
#     - CVE-2020-15999
#     - CVE-2020-16012
#     - CVE-2020-26950
#     - CVE-2020-26951
#     - CVE-2020-26953
#     - CVE-2020-26956
#     - CVE-2020-26958
#     - CVE-2020-26959
#     - CVE-2020-26960
#     - CVE-2020-26961
#     - CVE-2020-26965
#     - CVE-2020-26966
#     - CVE-2020-26968
#   78.3.0-r0:
#     - CVE-2020-15673
#     - CVE-2020-15676
#     - CVE-2020-15677
#     - CVE-2020-15678
#   78.2.0-r0:
#     - CVE-2020-15663
#     - CVE-2020-15664
#     - CVE-2020-15670
#   78.1.0-r0:
#     - CVE-2020-15652
#     - CVE-2020-15653
#     - CVE-2020-15654
#     - CVE-2020-15655
#     - CVE-2020-15656
#     - CVE-2020-15657
#     - CVE-2020-15658
#     - CVE-2020-15659
#     - CVE-2020-6463
#     - CVE-2020-6514
#   68.10.0-r0:
#     - CVE-2020-12417
#     - CVE-2020-12418
#     - CVE-2020-12419
#     - CVE-2020-12420
#     - CVE-2020-12421
#   68.9.0-r0:
#     - CVE-2020-12399
#     - CVE-2020-12405
#     - CVE-2020-12406
#     - CVE-2020-12410
#   68.8.0-r0:
#     - CVE-2020-12387
#     - CVE-2020-12388
#     - CVE-2020-12389
#     - CVE-2020-12392
#     - CVE-2020-12393
#     - CVE-2020-12395
#     - CVE-2020-6831
#   68.7.0-r0:
#     - CVE-2020-6821
#     - CVE-2020-6822
#     - CVE-2020-6825
#   68.6.1-r0:
#     - CVE-2020-6819
#     - CVE-2020-6820
#   68.6.0-r0:
#     - CVE-2019-20503
#     - CVE-2020-6805
#     - CVE-2020-6806
#     - CVE-2020-6807
#     - CVE-2020-6811
#     - CVE-2020-6812
#     - CVE-2020-6814
#   68.5.0-r0:
#     - CVE-2020-6796
#     - CVE-2020-6797
#     - CVE-2020-6798
#     - CVE-2020-6799
#     - CVE-2020-6800
#   68.4.1-r0:
#     - CVE-2019-17016
#     - CVE-2019-17022
#     - CVE-2019-17024
#     - CVE-2019-17026
#   68.3.0-r0:
#     - CVE-2019-17005
#     - CVE-2019-17008
#     - CVE-2019-17009
#     - CVE-2019-17010
#     - CVE-2019-17011
#     - CVE-2019-17012
#   68.2.0-r0:
#     - CVE-2019-11757
#     - CVE-2019-11758
#     - CVE-2019-11759
#     - CVE-2019-11760
#     - CVE-2019-11761
#     - CVE-2019-11762
#     - CVE-2019-11763
#     - CVE-2019-11764
#     - CVE-2019-15903
#   68.1.0-r0:
#     - CVE-2019-9812
#     - CVE-2019-11740
#     - CVE-2019-11742
#     - CVE-2019-11743
#     - CVE-2019-11744
#     - CVE-2019-11746
#     - CVE-2019-11752
#   68.0.2-r0:
#     - CVE-2019-11733
#   68.0-r0:
#     - CVE-2019-11709
#     - CVE-2019-11711
#     - CVE-2019-11712
#     - CVE-2019-11713
#     - CVE-2019-11715
#     - CVE-2019-11717
#     - CVE-2019-11719
#     - CVE-2019-11729
#     - CVE-2019-11730
#     - CVE-2019-9811
#   60.7.2-r0:
#     - CVE-2019-11708
#   60.7.1-r0:
#     - CVE-2019-11707
#   60.7.0-r0:
#     - CVE-2019-9815
#     - CVE-2019-9816
#     - CVE-2019-9817
#     - CVE-2019-9818
#     - CVE-2019-9819
#     - CVE-2019-9820
#     - CVE-2019-11691
#     - CVE-2019-11692
#     - CVE-2019-11693
#     - CVE-2019-7317
#     - CVE-2019-9797
#     - CVE-2018-18511
#     - CVE-2019-11694
#     - CVE-2019-11698
#     - CVE-2019-5798
#     - CVE-2019-9800
#   60.6.1-r0:
#     - CVE-2019-9810
#     - CVE-2019-9813
#     - CVE-2019-9790
#     - CVE-2019-9791
#     - CVE-2019-9792
#     - CVE-2019-9793
#     - CVE-2019-9794
#     - CVE-2019-9795
#     - CVE-2019-9796
#     - CVE-2019-9801
#     - CVE-2018-18506
#     - CVE-2019-9788
#   60.5.2-r0:
#     - CVE-2019-5785
#     - CVE-2018-18335
#     - CVE-2018-18356
#   60.5.0-r0:
#     - CVE-2018-18500
#     - CVE-2018-18505
#     - CVE-2018-18501
#   52.6.0-r0:
#     - CVE-2018-5089
#     - CVE-2018-5091
#     - CVE-2018-5095
#     - CVE-2018-5096
#     - CVE-2018-5097
#     - CVE-2018-5098
#     - CVE-2018-5099
#     - CVE-2018-5102
#     - CVE-2018-5103
#     - CVE-2018-5104
#     - CVE-2018-5117
#   52.5.2-r0:
#     - CVE-2017-7843

# we need this because cargo verifies checksums of all files in vendor
# crates when it builds and gives us no way to override or update the
# file sanely... so just clear out the file list
_clear_vendor_checksums() {
	sed -i 's/\("files":{\)[^}]*/\1/' third_party/rust/$1/.cargo-checksum.json
}

prepare() {
	default_prepare
	cp "$srcdir"/stab.h toolkit/crashreporter/google-breakpad/src/

	_clear_vendor_checksums audio_thread_priority
	_clear_vendor_checksums libc

	base64 -d "$srcdir"/mozilla-location.keys > "$builddir"/mozilla-api-key

	case "$CARCH" in
	armv7)
		# armv7 rust seems to not have neon enabled by default
		RUSTFLAGS="$RUSTFLAGS -C target-feature=+neon"
		;;
	esac

	cat > base-mozconfig <<-EOF
	# disable unwanted things
	ac_add_options --disable-bootstrap
	ac_add_options --disable-cargo-incremental
	ac_add_options --disable-debug
	ac_add_options --disable-debug-symbols
	ac_add_options --disable-install-strip
	ac_add_options --disable-jemalloc
	ac_add_options --disable-strip
	ac_add_options --disable-tests
	ac_add_options --disable-updater

	# features
	ac_add_options --enable-alsa
	ac_add_options --enable-dbus
	ac_add_options --enable-default-toolkit=cairo-gtk3-wayland
	ac_add_options --enable-ffmpeg
	ac_add_options --enable-hardening
	ac_add_options --enable-linker=lld
	ac_add_options --enable-necko-wifi
	ac_add_options --enable-official-branding
	ac_add_options --enable-optimize="$CFLAGS"
	ac_add_options --enable-pulseaudio
	ac_add_options --enable-release
	ac_add_options --enable-update-channel=release

	# system libs
	ac_add_options --enable-system-pixman
	ac_add_options --with-system-ffi
	ac_add_options --with-system-icu
	ac_add_options --with-system-jpeg
	ac_add_options --with-system-libevent
	ac_add_options --with-system-libvpx
	ac_add_options --with-system-nspr
	ac_add_options --with-system-nss
	ac_add_options --with-system-png
	ac_add_options --with-system-webp
	ac_add_options --with-system-zlib

	# misc
	ac_add_options --allow-addon-sideload
	ac_add_options --prefix=/usr
	ac_add_options --with-app-name=firefox-esr
	ac_add_options --with-distribution-id=org.alpinelinux
	ac_add_options --with-libclang-path=/usr/lib
	ac_add_options --with-unsigned-addon-scopes=app,system
	ac_add_options --with-wasi-sysroot=/usr/share/wasi-sysroot
	ac_add_options --host=$CHOST
	ac_add_options --target=$CTARGET

	# objdir
	mk_add_options MOZ_OBJDIR="$builddir/obj"

	mk_add_options RUSTFLAGS="$RUSTFLAGS"

	# keys
	# these are for alpine linux use only
	ac_add_options --with-mozilla-api-keyfile="$builddir/mozilla-api-key"
	EOF

	case "$CARCH" in
	x86|armv7|loongarch64)
		# x86: https://github.com/rust-lang/libc/issues/3476
		# armv7: error: unknown type name 'fpregset_t'
		echo "ac_add_options --disable-crashreporter" >> base-mozconfig
		;;
	esac

	case "$CARCH" in
	# lto for 64-bit systems only
	aarch64|x86_64|ppc64le)
		echo "ac_add_options --enable-lto=cross" >> base-mozconfig
		;;
	esac
}

build() {
	cat > .mozconfig base-mozconfig

	export MOZ_BUILD_DATE="$(date ${SOURCE_DATE_EPOCH:+ -d@${SOURCE_DATE_EPOCH}} "+%Y%m%d%H%M%S")"

	# for lto
	ulimit -n 4096

	# can't be set here and fail
	unset RUSTFLAGS

	local thinlto_jobs=${JOBS:-1}
	local link_threads=${JOBS:-1}

	case "$CARCH" in
	# on this platform, lld seems to not utilise >1 threads for thinlto for some reason.
	# at the same time, having more than 8 also crashes lld for firefox buildsystems (why?).
	aarch64)
		if [ $thinlto_jobs -gt 8 ]; then
			thinlto_jobs=8
		fi
		;;
	esac

	# on 32-bit, using more than 1 threads leads to OOM issues
	case "$CARCH" in
	arm*|x86)
		link_threads=1
		;;
	esac

	export LDFLAGS="$LDFLAGS -Wl,--thinlto-jobs=$thinlto_jobs -Wl,--threads=$link_threads"

	export SHELL=/bin/sh
	export BUILD_OFFICIAL=1
	export MOZILLA_OFFICIAL=1
	export USE_SHORT_LIBNAME=1
	export MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE=system
	export MOZ_APP_PROFILE="mozilla/firefox"
	export MOZ_APP_REMOTINGNAME=firefox-esr
	export MOZBUILD_STATE_PATH="$srcdir"/mozbuild
	# disable desktop notifications
	export MOZ_NOSPAM=1
	# Find our triplet JSON
	export RUST_TARGET="$CTARGET"

	# Build with Clang, takes less RAM
	# make sure we're using same version as llvm
	export CC="clang-$_llvmver"
	export CXX="clang++-$_llvmver"

	# set rpath so linker finds the libs
	export LDFLAGS="$LDFLAGS -Wl,-rpath,$_mozappdir"

	# let firefox do this itself.
	unset CARGO_PROFILE_RELEASE_OPT_LEVEL
	unset CARGO_PROFILE_RELEASE_LTO

	export CFLAGS="${CFLAGS/-fstack-clash-protection/} -g0 -O2"
	export CXXFLAGS="${CXXFLAGS/-fstack-clash-protection/} -g0 -O2 -Wno-deprecated-builtins -Wno-deprecated-declarations"

	./mach build
}

package() {
	DESTDIR="$pkgdir" ./mach install

	local _png
	for _png in ./browser/branding/official/default*.png; do
		local i=${_png%.png}
		i=${i##*/default}
		install -d "$pkgdir"/usr/share/icons/hicolor/"$i"x"$i"/apps/
		ln -s "$_mozappdir"/browser/chrome/icons/default/default"$i".png \
			"$pkgdir"/usr/share/icons/hicolor/"$i"x"$i"/apps/firefox-esr.png
	done

	install -Dm644 browser/branding/official/content/about-logo.png \
		"$pkgdir"/usr/share/icons/hicolor/192x192/apps/firefox-esr.png
	install -Dm644 browser/branding/official/default256.png \
		"$pkgdir"/"$_mozappdir"/browser/chrome/icons/default/default256.png
	install -Dm644 browser/branding/official/content/about-logo@2x.png \
		"$pkgdir"/usr/share/icons/hicolor/384x384/apps/firefox-esr.png
	install -Dm644 browser/branding/official/content/about-logo.svg \
		"$pkgdir"/usr/share/icons/hicolor/scalable/apps/firefox-esr.svg

	install -Dm644 "$srcdir"/firefox.desktop \
		"$pkgdir"/usr/share/applications/firefox-esr.desktop

	install -Dm644 "$srcdir"/distribution.ini \
		"$pkgdir"/$_mozappdir/distribution/distribution.ini

	# install our vendor prefs
	install -Dm644 "$srcdir"/vendor-prefs.js \
		"$pkgdir"/$_mozappdir/browser/defaults/preferences/vendor.js

	# Generate appdata file
	mkdir -p "$pkgdir"/usr/share/metainfo/
	export VERSION="$pkgver"
	export DATE="$_releasedate"
	envsubst < "$builddir"/taskcluster/docker/firefox-flatpak/org.mozilla.firefox.appdata.xml.in > "$pkgdir"/usr/share/metainfo/org.mozilla.firefox-esr.appdata.xml

	# Replace duplicate binary with wrapper
	# https://bugzilla.mozilla.org/show_bug.cgi?id=658850
	install -Dm755 /dev/stdin "$pkgdir"/usr/bin/firefox-esr <<- EOF
	#!/bin/sh
	exec $_mozappdir/firefox-esr "\$@"
	EOF
	rm "$pkgdir"/$_mozappdir/firefox-esr-bin
	ln -sfv /usr/bin/firefox-esr "$pkgdir"/$_mozappdir/firefox-esr-bin

	# Add paxrelabel configuration to grant JIT access on systems with
	# a PaX implementation.
	mkdir -p "$pkgdir"/usr/share/paxrelabel.d
	echo "PEmRs /usr/lib/firefox-esr/firefox-esr" > "$pkgdir"/usr/share/paxrelabel.d/"$pkgname"
}

intl() {
	pkgdesc="$pkgname - International ICU data"
	depends="icu-data-full"
	install_if="$pkgname=$pkgver-r$pkgrel icu"
	mkdir -p "$subpkgdir"
}

sha512sums="
e720b1f993926d73f5a5727648f753176ac2fd093fb0b71393946bbc5919ce5fc7b88b82960bd1aa427b5663c7f659828dc6702485fc0c1e7a6961571c67faa3  firefox-128.4.0esr.source.tar.xz
520850448d3804e8ccfc17934c784ddbd760c93476e1a0051c029dde036d76a20c7116ccd645ebb888b09e7fa65766a0a9a139a80f478e3f6fb169b6cf68508f  esr-metainfo.patch
19eea840aa9c1c21e7bd1f832ec078989fe6f08fca40baa271be7e74f1cffeb5ab8d3218a93e664b8d90a41506dede524e2a5174cd47580866109bc6711ea969  fix-fortify-system-wrappers.patch
cd68b89e29e5f6379fbd5679db27b9a5ef70ea65e51c0d0a8137e1f1fd210e35a8cfb047798e9549bc7275606d7ec5c8d8af1335d29da4699db7acd8bc7ff556  fix-rust-target.patch
305c874fdea3096e9c4c6aa6520ac64bb1c347c4b59db8360096646593fe684c3b5377874d91cecd33d56d1410b4714fbdea2b514923723ecbeff79d51265d9b  fix-webrtc-glibcisms.patch
b7a2beef126569d71242198f2503bb6a32acd1ea89080ef7bed6ba0f0d10819282c2c346c6f729d81cd90e328e607b88acaac8785ed057cc8cb562e315890334  force-can-use-pack-relative-relocs.patch
afabea91b328c5a68eaa20f9099ac7b2d0e7f2423e816b05ed168bdd326a5684fa02de08bf05c6033e9b888f02775d1b0443a00329b7a632ee399122a391c13a  icu74.patch
e75daab5573ec6e28d3940a9bb98304d572dfb26ce7c1709e99fdd75dfa58abce170c96de683f8dc2224ea2e118aa7d78affbd54f99c4e328a4641685d64bd7d  lfs64.patch
5c5587dadeedc89210857ef2096682387f790c362b38d93d0263ee0cfc93938bf11579b91d8673bb5683cc6106bcb93687b03a92761b8323fe9ac294912834db  loong0001-Enable-WebRTC-for-loongarch64.patch
39a1d3de17e9a3fcd8328e677e76eca1fdc6d850f0febbcb88a747c9b3ed0d4dafc4ee9e04de7bbcb3d851b34d9681bedaed954f8651c5f70043683717138a54  loong0002-Rust-libc-add-support-for-loongarch64-musl.patch
bcc6987568082e5471962fed98110c13f9a81de7bba11cd961c2ac6c1240e677dc141d6834bf5755d2d85fc8251e522920dd3d9afae20ed9d9896b632ee9336f  loong0003-Define-HWCAP_LOONGARCH_LSX_and_LASX.patch
f95b3a8338b34c98ae028278fcec3a1ae48d8de9fa9eed54544151ae994b57b8d0ff0e6363632257d3cbe9452bcd93ade5c139cf728d0a149a038a179a0b4016  loong0004-Fix-ycbcr-chromium_types-warning.patch
ea3e9a3aac3f4396f421e5922381d10614ade75e4caf604e4fbf290f5e2e1c43c168548491d1213eab5217dcd5e1668e7b499b2d0c5807765204fae7140ca596  loong0005-Fix-libyuv-build-with-LSX-LASX.patch
c0437a6753f3f350968fa12d250efdfe1bea77baf0e4c06b072b5cc9e78c774dbf4506bc536337030d349fb3ba4460097b75b0c7c5b8fb2d39d8b0a392948936  no-ccache-stats.patch
b586ddb21b50fa8fba798c3a269518049c38cc52fd91ad00e96a3f1144e6b2879d9df1a182a2fb181898042043ae98381a70d0e4acbf8aa705d2b4f62c17a5a1  nrappkit-qsort.patch
ea9ca4bae9c56497ec6de6ba8599e8428c6ba623c71ea9e40655970102c70b9407dc4e8403d068781174b15e03ab484a89463c9e8623cfac32d82fbbe43cb65e  ppc-musttail.patch
9beadab45f2a6501f5b822beef96314781276b9bc78f9e1da0f4992dc41f4d68c6274b641981f33aecbeb9df6fe879727d4cf28b37d26330d8af9e41fc691656  riscv64-no-lto.patch
1c6918dd6655d3a1251bfd4af2e1c561cbb00d540a883b4c1ebf7f5de530d754d9ac07b4b5f56cdab6c511d25c8910ec94043f5733e97501a67abffe1bafaeb1  rust-lto-thin.patch
2518f2fc75b5db30058e0735f47d60fdf1e7adfaeee4b33fb2afb1bd9a616ce943fd88f4404d0802d4083703f4acf1d5ad42377218d025bc768807fbaf7e1609  sandbox-fork.patch
f8c3555ef6207933cbffbf4fc101a9b4c0d2990c0063162f0f0bde70ef0b46f86bfac42e7110695183424a87948de593f3927b2d8509ede3e4fc7bd8a1fad1ce  sandbox-sched_setscheduler.patch
67bc0be3da973e6859256bf9be4df7100837430e6076fc0bd623f504c35e02e6c191e9c5a3a1d202e5ad4d89f874f254a09e164e39c7bfd97bbc8d4c8d0632a5  sqlite-ppc.patch
0b3f1e4b9fdc868e4738b5c81fd6c6128ce8885b260affcb9a65ff9d164d7232626ce1291aaea70132b3e3124f5e13fef4d39326b8e7173e362a823722a85127  stab.h
d717ef8aee0342a6cbf89962986d4df695f395e8ac6e330f000e18d0258e80c8d475924d3020fb6bf7cc95f3de162e482009f8f0aadcdb90f8f39ac0356ad51d  firefox.desktop
de0102e308c6a18c47bc70c2b2598ba6f93fa5023b7dcc440a9a5c8042ef82172358d809450c8a8ad3113539aaa36668925768df95501b924490771a8082f74a  distribution.ini
382510375b1a2fa79be0ab79e3391a021ae2c022429ffbaa7e7a69166f99bb56d01e59a1b10688592a29238f21c9d6977672bd77f9fae439b66bdfe0c55ddb15  mozilla-location.keys
37ba6a08a80f09195cbc290b5e47c9893fcf5907823f77f539cd35622d578f790940d4cbb2e0e3582ebce8af137213772f3b560d5a7d9bccc4e37d02d1ed030c  vendor-prefs.js
"
